PT-2009-3825 · Tibco · Tibco Enterprise Message Service+2
Published: 2009-04-30 · Updated: 2017-08-17
CVE-2009-1291
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
TIBCO SmartSockets versions prior to 6.8.2
TIBCO SmartSockets Product Family (aka RTworks) versions prior to 4.0.5
TIBCO Enterprise Message Service (EMS) versions 4.0.0 through 5.1.1
Description
The issue allows remote attackers to execute arbitrary code via inbound data. This can be demonstrated by requests to the UDP interface of the RTserver component and data injection into the TCP stream to tibemsd.
Recommendations
For TIBCO SmartSockets versions prior to 6.8.2, update to version 6.8.2 or later.
For TIBCO SmartSockets Product Family (aka RTworks) versions prior to 4.0.5, update to version 4.0.5 or later.
For TIBCO Enterprise Message Service (EMS) versions 4.0.0 through 5.1.1, update to a version outside of this range.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Tibco Enterprise Message Service
Tibco Smartsockets
Tibco Smartsockets Product Family